[Vince]

Quote:

Originally Posted by Mauzen SA-MP traffic is not just on port 7777. Clients get an unique port assigned on connection, you cant efficiently connect multiple remote clients to the same port (without further effort). So if im not completely wrong, blocking everything but the server port would mean players can still query the server, and attempt to connect to it, but they couldnt ever join the server. The server doesnt listen on ports that werent sent to a player anyways, so just blocking everything wont change a thing, the dDOS just needs to target a port that isnt blocked, they usually dont target any ports except the server port (7777) anyways afaik.

Well, this model (albeit slightly modified) is currently in place on my VPS and it works fine. These are the iptables rules:

Код:

num   pkts bytes target     prot opt in     out     source               destination
1     423K  113M ACCEPT     all  --  lo     any     anywhere             anywhere
2     151M   14G ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
3    2489K 5650M ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:7777
4       40 83522 ACCEPT     udp  --  eth0   any     anywhere             anywhere             udp dpt:7778
5     1098 65262 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http
6      240 10492 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https
7     182K   11M ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
8      229  9296 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:mysql
9    2630K 5785M DROP       all  --  any    any     anywhere             anywhere